DumpZ
Apr 21 2004, 01:17 PM
I was wondering if it's possible to hide system services. Because on my test server/honeypot i saw some processes running which returned every time after boot. I searched the registry i really could find allot. (i'm not really familliar in the registry so maybe that is the problem)
But if it's possible to hide system services is there also a way to unhide it?
Flowers
Apr 21 2004, 02:03 PM
Try this
http://hxdef.czweb.org/ (rootkit)
(if hide, it s hard to unhide
)
DumpZ
Apr 21 2004, 03:29 PM
Well thanks but im kinda looking for something to unhide it aswell.
tuby
Apr 21 2004, 03:37 PM
If you're hxdef.ini is good, with a adequat root process, you can uninstall hxdef easily.
For example if in [root process] , u have backcmd.exe (copy of cmd.exe) :
backcmd /c hxdef -:uninstall
After a reboot, you can see/modify/delete your services.
Enjoy'
LKM
Apr 21 2004, 04:53 PM
As the guy before me said, HXDEF has a wide range of interesting use in order to hide / unhide services, process, tasks
I recommend you to try it, and then post here if you've got problems with it.
The only downside is that it made some hidden progs to crash on remote computers :|
phrozen77
Apr 21 2004, 08:17 PM
you may want to try rkd (rootkit detector) from haxorcitos...
-> google
radien
Apr 22 2004, 06:03 AM
Yup, I can remember sometime, that one of my friends keep track of processes(keyloggers/trojans/virii) that hide behind svchost.exe. It's because svchost runs some of windows services somehow. So look for svchost and how to hide behind it.
I hope it helps,
DumpZ
Apr 22 2004, 07:44 AM
Thanks you guys i'm getting started right away
Synchr0
Apr 22 2004, 06:06 PM
thx its nice rootkit:D
Lyeses
Apr 29 2004, 01:44 AM
Hxdef is a good rootkit.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
